Anti-bribery management systems – terms and definitions
The terms and definitions are as described in the draft ISO 37001 Anti-bribery management systems standard.
|Anti-bribery compliance function||Person(s) with responsibility and authority for the operation of the anti-bribery management system.|
|Audit||Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. |
Note 1: An audit can be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit (combining two or more disciplines).
Note 2: An internal audit is conducted by the organisation itself, or by an external party on its behalf. “Audit evidence” and “audit criteria” are defined in ISO 19011.
|Authority||Authority in the context of the Anti-bribery compliance function means that the relevant person(s) assigned the compliance responsibility must be granted sufficient authority by top management so as to be able to undertake the compliance responsibilities effectively.|
|Bribery||Bribery means for any person intentionally to offer, promise or give any undue pecuniary or other advantage, whether directly or through intermediaries, to a another person, for that other person or for a third party, in order that the said other person act or refrain from acting in relation to the performance of its duties, in order to obtain or retain business or other improper advantage in the conduct of business.|
|Business Associate||External party with whom the organisation has, or plans to establish, some form of business relationship. |
Note 1: Business associate includes but is not limited to clients, customers, joint ventures, joint venture partners, consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents, distributors, representatives, intermediaries and investors. This definition is deliberately broad and should be interpreted in line with the bribery risk profile of the organisation to apply to business associates which may reasonably expose the organisation to bribery risks.
Note 2: Different types of business associate pose different types and degrees of bribery risk, and an organisation will have differing degrees of ability to influence different types of business associate. Different types of business associate may therefore be treated differently by the organisation’s bribery risk assessment and bribery risk management procedures.
Note 3: Reference to “business” in this context can be interpreted broadly to mean those activities that are relevant to the purposes of the organisation’s existence.
|Competence||Ability to apply knowledge and skills to achieve intended results. |
Competence in the context of the Anti-bribery compliance function means that the relevant person(s) assigned the compliance responsibility must have the personal ability to deal with the requirements of the role, and the willingness and enthusiasm to learn about the role and perform it appropriately. As this role is relatively new, and there is only a small pool of people with prior experience of it, the person does not need to have prior experience of such a role.
|Conflict of Interest||Situation where business, financial, family, political or personal interest could interfere with the judgment of personnel in carrying out their duties for the organisation.|
|Conformity||Fulfilment of a requirement.|
|Continual Improvement||Recurring activity to enhance performance.|
|Corrective Action||Action to eliminate the cause of a nonconformity and to prevent recurrence.|
|Corruption||Corruption means (i) bribery and (ii) relating fraudulent practices in particular about books and records and traffic of influence.|
|Documented Information||Information required to be controlled and maintained by an organisation and the medium on which it is contained. |
Note 1: Documented information can be in any format and media and from any source.
Note 2: Documented information can refer to: the management system, including related processes; information created in order for the organisation to operate (documentation); evidence of results achieved (records).
|Due Diligence||Process to further assess the nature and extent of the bribery risk and help organisations make decisions in relation to specific transactions, projects, activities, business associates and personnel.|
|Effectiveness||Extent to which planned activities are realised and planned results achieved.|
|Ensure||Take reasonable and proportionate steps with the intent of achieving the stated objective.|
|Extortion payment||An extortion payment is when money is forcibly extracted from personnel by real or perceived threats to safety or liberty. The safety and liberty of personnel is paramount and many legal systems do not criminalise the making of a payment by someone who reasonably fears for their or someone else’s safety or liberty.|
|Facilitation payment||Facilitation payment is the term sometimes given to an illegal or unofficial payment made in return for services which the payer is legally entitled to receive without making such payment.|
|Governing body||Group or body that has the ultimate responsibility and authority for an organisation’s activities, governance and policies and to which top management reports and by which top management is held accountable (i.e. Board of directors, committees of the board, supervisory board, trustees or overseers). |
Note 1: Not all organisations, particularly small organisations, will have a governing body separate from top management.
Note 2: A governing body may include but is not limited to board of directors, supervisory board, trustees or overseers.
|Independence||Independence in the context of the Anti-bribery compliance function means that the relevant person(s) assigned the compliance responsibility must as far as possible not be personally involved in the activities of the organisation which are exposed to bribery risk. This can more easily be achieved where the organisation has appointed a person to handle the role full time, but is more difficult for a smaller organisation which has appointed a person to combine the compliance role with other functions. In the case of a part time role, sales managers and operational managers who could face bribery risks day to day should not also hold the compliance role function. It is better held part time by a manager in finance or another support function. In a very small organisation, it may be impossible to achieve independence, in which case the appropriate person must to the best of their ability separate their operational responsibilities from their compliance responsibilities so as to be impartial.|
|Interested Party (Stakeholder)||Person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. |
Note 1: A stakeholder can be internal or external to the organisation.
|Management System||Set of interrelated or interacting elements of an organisation to establish policies and objectives and processes to achieve those objectives. |
Note 1: A management system can address a single discipline or several disciplines.
Note 2: The system elements include the organisation’s structure, roles and responsibilities, planning and operation.
Note 3: The scope of a management system may include the whole of the organisation, specific and identified functions of the organisation, specific and identified sections of the organisation, or one or more functions across a group of organisations.
|Measurement||Process to determine a value.|
|Monitoring||Determining the status of a system, a process or an activity. |
Note 1: To determine the status, there may be a need to check, supervise or critically observe.
|Non-Conformity||Non-fulfilment of a requirement.|
|Objective||Result to be achieved. |
Note 1: An objective can be strategic, tactical, or operational.
Note 2: Objectives can relate to different disciplines (such as financial, sales and marketing, procurement, health and safety, and environmental goals) and can apply at different levels (such as strategic, organisation-wide, project, product and process).
Note 3: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an anti-bribery objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4: In the context of anti-bribery management systems, anti-bribery objectives are set by the organisation, consistent with the anti-bribery policy, to achieve specific results.
|Organisation||Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives. |
Note 1: The concept of organisation includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
Note 2: For organisations with more than one operating unit one of more of the operating units may be defined as an organisation.
|Outsource||Make an arrangement where an external organisation performs part of an organisation’s function or process. |
Note 1: An external organisation is outside the scope of the management system, although the outsourced function or process is within the scope.
|Performance||Measurable result. |
Note 1: Performance can relate either to quantitative or qualitative findings.
Note 2: Performance can relate to the management of activities, processes, products (including services), systems or organisations.
|Personnel||Organisation’s directors, officers, employees and temporary staff or workers, and volunteers. |
Note 1: Different types of personnel pose different types and degrees of bribery risk and therefore may be treated differently by the organisation’s bribery risk assessment and bribery risk management procedures.
|Policy||Intentions and direction of an organisation, as formally expressed by its top management or its governing body.|
|Process||Set of interrelated or interacting activities which transforms inputs into outputs.|
|Public official||Any person holding a legislative, administrative or judicial office, whether appointed or elected, or any person exercising a public function, including for a public agency or public enterprise, or any official or agent of a public domestic or international organisation, or any candidate for public office. |
Note 1: The term public official is defined broadly in many anti-corruption laws and can include the following; (a) public office holders at the national, state/provincial or municipal level, including members of legislative bodies, executive office holders and the judiciary; (b) officials of political parties; (c) candidates for public office; (d) government employees, including employees of ministries, government agencies, administrative tribunals and public boards; (e) officials of public international organisations, such as the World Bank, United Nations, International Monetary Fund etc. (f) employees of state-owned enterprises, unless the enterprise operates on a normal commercial basis in the relevant market, i.e. on a basis which is substantially equivalent to that of a private enterprise, without preferential subsidies or other privileges.
The above list is not exhaustive and not all examples may apply in all jurisdictions. In assessing its anti-bribery risks, an organisation should take into account the categories of public officials with which it deals or may deal, and seek legal advice in the case of uncertainty.
In many jurisdictions, relatives and close associates of public officials are also to be considered to be public officials for the purposes of anti-corruption laws.
|Requirement||Need that is stated and obligatory.|
|Risk||Effect of uncertainty on objectives. |
Note 1: An effect is a deviation from the expected — positive or negative.
Note 2: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3: Risk is often characterised by reference to potential “events” and “consequences”, or a combination of these.
Note 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” of occurrence.
|Stakeholder||Person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. |
Note 1: A stakeholder can be internal or external to the organisation.
|Status||Status in the context of the Anti-bribery compliance function means that the relevant person(s) assigned the compliance responsibility must be sufficiently senior in the organisation that other personnel will listen to and respect the person’s opinions.|
|Third party||Person or body that is independent of the organisation. |
Note 1: All business associates are third parties but not all third parties are business associates.
|Top Management||Person or group of people who directs and controls an organisation at the highest level. |
Note 1: Top management has the power to delegate authority and provide resources within the organisation.
Note 2: If the scope of the management system covers only part of an organisation, then top management refers to those who direct and control that part of the organisation.
Note 3: Organisations can be organised depending on which legal framework they are obliged to operate under and also according to their size, sector etc. Some organisations may have both a governing body and top management, while some organisations may not have responsibilities divided into several bodies. These variations, both in respect of organisation and responsibilities, can be considered when applying the requirements in relation to leadership.